How can I secure a WordPress blog using OpenID from a single provider?
We’re about to launch an internal blog for the company I work at. Much of the blog will be available to the public, but certain posts will be for employees only.
Our intranet/extranet has an OpenID endpoint which we would like to use to secure the private blog posts. There are many benefits to this – not least that people won’t have to sign in with yet another username and password.
Additionally, when someone new to the blog signs in with their OpenID, we don’t want to have to require them to set up a local WordPress user account – we’d like that to be handled automatically. If a user doesn’t exist with the OpenID specified, one should be created automatically.
Incidentally, we’ve taken this route with other third party software that we’ve used in-house. In most cases, we’ve taken the OpenID consumer plugin that came with the software (a DotNetNuke-based learning system) and modified the login form so that, instead of presenting users with a URL input field for their OpenID, we present them with a button that simply says “Login with [Your Intranet]”.
So, in short, we’d like to:
- Allow the vast majority of users to use OpenID to sign in to WordPress
- Not require that those users already have a local WordPress user account
- Restrict the OpenIDs accepted to those from a single domain, either by hardcoding the endpoint used or by configuring a list of approved endpoint domains
I’ve looked at the plugins available on WordPress.org and can’t see any that offer this level of functionality ‘out of the box’, but would love to hear from people who could suggest anything, especially from anyone who’s done this.
Additionally, an idea of which plugin to use to base a new plugin on if we need to write this full functionality ourselves, would be great.
Update: 4/2/13: We’ve installed the WordPress OpenID plugin and will probably use this as our base. I’ll continue evaluating.
Leave an answer